azurerm_key_vault_key: add support for EC curve based keys #1814
Conversation
- Remove ForceNew on the `key_size` and `key_type` attributes - Create a new version of the Key Vault key instead of deleting the key and replacing it. This matches the behavior of Key Vault secrets when updating their values
- Get the key size from the public modulus `N` when importing a RSA Key Vault key - Add test for importing an RSA key
- Add DiffSuppressFunc for the `key_size` when managing an EC key -- the field isn't used by Azure when creating/updating EC keys, but creates a diff since it's a required field - Add test for importing an EC key
- Add support for ECHSM keys - Add support for specifying the EC curve - Make `key_size` optional since it does not apply to EC keys - Export `x` and `y` attributes for EC keys - Update docs with new schema details
There was a problem hiding this comment.
Hi @phekmat,
Thank you for the enhancements here, i've taken a look through and left some comments inline.
My main concern was the diffSuppressFunctions as I didn't think they are required & removing force new and conditionally doing so in the Update function.
As such I pulled this down to check and was able to get the tests to pass without the suppresses 🙂 I hope you don't mind but i'm going to push some changes so i can get this merged today.
As I am going to remove the force new (as conditional resource recreation on update is not consistent with the rest of the provider) and i'm not sure what you were trying to accomplish please feel free to open a new PR with further details and just that change.
Thanks again!
There was a problem hiding this comment.
Hi @phekmat,
Thank you for the enhancements here, i've taken a look through and left some comments inline.
My main concern was the diffSuppressFunctions as I didn't think they are required & removing force new and conditionally doing so in the Update function.
As such I pulled this down to check and was able to get the tests to pass without the suppresses 🙂 I hope you don't mind but i'm going to push some changes so i can get this merged today.
As I am going to remove the force new (as conditional resource recreation on update is not consistent with the rest of the provider) and i'm not sure what you were trying to accomplish please feel free to open a new PR with further details and just that change.
Thanks again!
katbyte
changed the title
|
Thanks for the changes. I definitely don't mind :). |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
ghost
locked and limited conversation to collaborators
This PR brings a few improvements to
azurerm_key_vault_key:terraform importfor key vault keys, which would show a diff in thekey_sizeafter being importedFixes #1943